Mobile Security Tip: Youtube And The Threat Of Voice Commands

The dangers of voice commands? You would never think such a thing could be so threatening. Well, be warned that it could in fact be harmful enough by taking control of your phone!

According to some researches, a muffled voice buried in a YouTube video can do this. An innocent sounding voice could inadvertently issue commands to a mobile phone a short distance away all without your knowledge! Scary. I’ve never thought of this possibility, have you?

Here’s a video demonstrating this:


And then there’s this research paper yet to be presented at the USENIX Security Symposium in Austin, Texas.

Research paper on Hidden Voice Commands
We all are used to voice recognition now and it has become a norm and a fun thing to do (well, some of us think it’s fun). Undoubtedly, some are still not so accustomed to it yet. Nevertheless, we can still be grateful to Google Now and Siri.

Your device now has a new threat.. A voice! Micah Sherr, a Georgetown University professor has warned in the research paper above.

How the heck?

Mangled words that software can recognize but humans can’t. Words are condensed and mashed up resulting in a demonic voice. Scary!

I wonder what will happen to your phone if you’re watching a horror film. Something to think about. Best to turn your phone off.

Let’s put this into perspective.. and imagine this situation…

You put your phone down, while you sip your coffee, browsing through your emails, replying to instant messages.. minding your own business. Another fellow nearby watches a cute kitten video and unbeknownst to him that video contains an embedded secret message/voice .. That voice could say, Ok Google, open which could be a malware URL… not only that, your phone could even be instructed to snap a pic, or shutdown or …


On the bright side, the chances of it working are slim and success rate probably low but in reality it all comes down to numbers; 1 million kitten lovers watch a kitten video with a secret message embedded, 10,000 of them could be near someone with their phones nearby. Out of that, say 5,000 load and execute the malware URL – 5,000 mobile phones may be doomed and under control!

Hackers could learn and manipulate the voice recognition software, voice commands that are almost impossible to decipher can be created by them.

Here are a few samples of scrambled voice commands by the group of researchers.

In one of the tests with an Android phone, some commands were undetected or misheard. Eerily, when an audio sample was played back asking “What is my current location” – It was heard as “procrastination” by Google Now.  Other attempts somehow were nothing abnormal. Phew!

Perhaps the only defense against this threat is that developers of voice recognition software could incorporate filters to differentiate between human and computer generated sounds.

So, here’s the tip and best practice for now is to be very wary of Youtube videos but should we turn off our phones in public places now or just disable the Google Now  and Siri services running in the background?

The threat is real and it’s scary.

If you’re paranoid (like me)..
How to disable Google Now / Ok Google
How to disable Siri on iPhone and iPad